bug-bash
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: access(2) shouldn't be used with test(1)


From: Garrett Cooper
Subject: Re: access(2) shouldn't be used with test(1)
Date: Tue, 20 Jul 2010 14:22:43 -0700

On Tue, Jul 20, 2010 at 2:18 PM, Linda Walsh <bash@tlinx.org> wrote:
> What are you saying it should return, because I get correct results
> on linux:
>
> sudo sh -c 'test -x start_trans; echo $?'
> 1
> sudo bash -c 'test -x start_trans; echo $?'  1
>
> Are you saying that access on BSD, when
> passed (filename "X_OK") returns "true" for superuser even
> when the file isn't executable?

Correct.

> Sounds like a bug to me....   if a file isn't executable, I don't care
> how "super" you are -- permission won't make a text file executable!
> ;-)

Yes, but POSIX says that it's allowed to be broken based on past
behavior, and FreeBSD just says "don't use access, act on the file",
which means that access on FreeBSD is only really useful for F_OK, but
I can get that from open/fstat/whatever.

Not having correct data via test(1) renders the utility useless in
many scenarios, which isn't desirable... I've found other issues with
other implementations of access that need to be resolved as well. This
is just one of the problem applications / languages that I'm
addressing that I care about.

Thanks,
-Garrett

> Garrett Cooper wrote:
>>
>>    According to the POSIX spec, using access(2) is implementation
>> dependent when running as superuser [1]. FreeBSD intentionally returns
>> true whenever euid/uid = 0 [2]. FreeBSD's /bin/sh doesn't have this
>> `issue' with test(1). Example:
>>
>> $ ls -l typescript
>> -rw-r--r--  1 gcooper  gcooper  37875 Jul 12 22:19 typescript
>> $ sudo sh -c 'test -x typescript; echo $?'
>> 1
>> $ sudo bash -c 'test -x typescript; echo $?'
>> 0
>>
>>    Code should be added to detect the mode via stat(2), instead of
>> access(2) (the FreeBSD manpage also notes security issues with race
>> conditions when using access(2), so access(2) use is discouraged).
>>    If I can get the details for grabbing bash from cvs/svn/whatever,
>> I'll whip up a patch for this.
>> Thanks,
>> -Garrett
>>
>> [1] http://www.opengroup.org/onlinepubs/000095399/functions/access.html
>> - see RATIONALE.
>> [2] http://www.freebsd.org/cgi/man.cgi?query=access
>>
>



reply via email to

[Prev in Thread] Current Thread [Next in Thread]